CVE-2023-22458 — Integer Overflow or Wraparound in Redis

CWE-190 — Integer Overflow or Wraparound5 documents5 sources

Severity

5.5MEDIUMNVD

EPSS

56.8%

top 1.86%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Redis Debian Redis Msrc Cbl2 Redis 6.2.9-1 ON CBL Mariner 2.0 +1 more

Timeline

PublishedJan 20

Description

Redis is an in-memory database that persists on disk. Authenticated users can issue a `HRANDFIELD` or `ZRANDMEMBER` command with specially crafted arguments to trigger a denial-of-service by crashing Redis with an assertion failure. This problem affects Redis versions 6.2 or newer up to but not including 6.2.9 as well as versions 7.0 up to but not including 7.0.8. Users are advised to upgrade. There are no known workarounds for this vulnerability.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages6 packages

▶NVDredis/redis6.2.0 — 6.2.9+1

▶debiandebian/redis< redis 5:7.0.8-1 (bookworm)

▶Debianredis/redis< 5:7.0.8-1+2

▶CVEListV5redis/redis>= 6.2, < 6.2.9, >= 7.0, < 7.0.8+1

▶msrcmsrc/cm1_redis_6.2.7-3_on_cbl_mariner_1.0

Patches

Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

OSV

CVE-2023-22458: Redis is an in-memory database that persists on disk↗2023-01-20

▶

📋Vendor Advisories

Red Hat

redis: Integer overflow in the Redis HRANDFIELD and ZRANDMEMBER commands may lead to denial-of-service↗2023-01-17

▶

Microsoft

Integer overflow in multiple Redis commands can lead to denial-of-service↗2023-01-10

▶

Debian

CVE-2023-22458: redis - Redis is an in-memory database that persists on disk. Authenticated users can is...↗2023

▶